7c4927948a741e8e8e2a7c16715ec9dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c4927948a741e8e8e2a7c16715ec9dd
Size

16KB
MD5

7c4927948a741e8e8e2a7c16715ec9dd
SHA1

e9a6c2ba28d2656f62d8009e4be2b5554c83fb55
SHA256

df133b2a8513f7de95467e12aafc693264500586a2fa310b5a501f232307bd1a
SHA512

3f5461700213009e665c819a104af7d066dfc55b93d1cc13d7038a5f417d12fe2551a12c743ff35b143f599522da620857ee0f748f774854f4de20ce82fe9d32
SSDEEP

384:jhHX4rJM7UlNV1vzJuBBQARQkQIoJ44W:jh3Q51vzEBBQARQki

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c4927948a741e8e8e2a7c16715ec9dd

Files

7c4927948a741e8e8e2a7c16715ec9dd
.dll windows:4 windows x86 arch:x86

0080d1062b64769398227d1024ff78f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_strupr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

LoadLibraryA
GetSystemDirectoryA
GetPrivateProfileStringA
CreateThread
lstrlenA
WritePrivateProfileStringA
IsBadReadPtr
ExitProcess
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcatA
ReadFile
VirtualProtectEx
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ